BIG - EMR Granular Control

Quick Links

The ethical, logistical, and policy questions arising from allowing patients to have granular control of their EHR are among the most nuanced and complex to address – and they are largely responsible for the genesis of the project undertaken by the IUCB.  Among the many issues that need to be considered are:

  • determining the level of granularity at which patients can exercise access control;
  • how patients gain access to their own EHR (for which they have a legal right), in order to appreciate the scope of the information in their records;
  • patient understanding of clinical information (what it is, what is means, how it is recorded, how/why it is disclosed and to whom);
  • technological literacy, especially relevant if control choices are to be executed electronically;
  • emergency and/or other situations that might require overriding patients' choices and the extent to which criteria for overriding those choices can be pre-determined;
  • the likelihood that many patients' preferences for control of at least parts of their EHRs will change over time, and how those changes would be accommodated.

So while patient privacy provides the foundation for the ethical issues arising in patient granular control, when trying to conceptualize a system that will actually allow patients to exercise that control, many, more practical, issues arise.  I.e., it is not enough to say that, as a matter of either policy or patient autonomy, granular control should be implemented. A treatment of the practical implications of such a decision must be articulated and taken into account, in terms of system design, patient and provider education/training, and implications for clinical care. 

Over the past 18 months, the IUCB has been doing exactly that, in a project funded by the U.S. Office of the National Coordinator for Health Information Technology (ONC) in the U.S. Department of Health and Human Services.  What we have devised, with the input of a panel of nationally recognized experts in the field, is an ethics framework (a “Points to Consider” document) to guide informaticists and medical personnel involved in designing and implementing EHR systems as they encounter these very issues.  The document can be found here. (there will be a hyperlink on the word “here”)


Caine K, Hanania R. (2013) Patients want granular privacy control over health information in electronic medical records. Journal of the American Medical Informatics Association.  20(1):7-15. doi: 10.1136/amiajnl-2012-001023. PMID: 23184192

This article discusses a qualitative study done to understand how patients perceive the sensitivity of the health information, and further ascertain whether they would want to control with whom their information is shared and for what purpose. The study concludes that patients do desire control over who has access to their health information, particularly sensitive information, and that they should be provided with that control.


Datta, A, Dave, N, Mitchell, J, Nissenbaum, H, Sharma, D. (2010) Privacy challenges in patient-centric health information systems (Position Paper). 1st Usenix Workshop on Health Security and Privacy, August, 2010. (2 pages). Available at:

This article discusses Personal Health Record (PHR) systems, and the need to develop “socially acceptable privacy policies”  that govern how PHRs will be used in health information systems, along with technology and legal policy to enforce the privacy policies.


Mandl, KD, Szolovits, P, Kohane, IS. (2001). Public standards and patient’s control: how to keep electronic medical records accessible but private. British Medical Journal. 322(3 Feb): 283-286. PMID: 11157533

This article proposes two doctrines and six desirable characteristics to guide the development of online or electronic medical record systems. The two doctrines the authors propose are: 1) that record systems should be designed so that they can exchange all their stored data according to public standards, and 2) that patients should have control over access and permissions. As to the second point, the authors argue that if patients have no control over the fate of their medical information, they may not disclose important medical data, or may avoid seeking care because of the consequences of disclosing that data (i.e., for purposes unrelated to their clinical care).


Rothstein, MA. (2012). Currents in contemporary bioethics: access to sensitive information in segmented electronic health records. Journal of Law, Medicine & Ethics. 40.2 (Summer 2012): p394-400. PMID: 22789055

“This article reviews the complicated and contentious issues involved in wider access to segmented health information, the inadequacy of current laws, and the need to implement wide-ranging privacy policies before any system of segmentation is adopted.” (p. 395)


Rothstein, MA. (2011). Debate over patient privacy controls in electronic health records. The Bioethics Forum blog. 2/17/2011. Available at:

In this commentary, the author identifies some of the top privacy concerns in EHRs: that a wide range of providers will have access to information they do not need to know; that authorizations to disclose health records are often compelled for non-clinical purposes (e.g., employment or life insurance applications); that if privacy concerns are not adequately addressed in EHR systems, patient “defensive” practices (e.g., withholding information) with their physicians (to the possible detriment of their clinical care) might increase.  He then discusses the three main approaches to privacy in EHRs, and reiterates 6 goals for patient privacy controls.


Rothstein, MA. (2010). The Hippocratic bargain and health information technology. Journal of Law, Medicine, and Ethics. 38(1): 7-13. PMID: 20446978

The article discusses the impact of health information technology (HIT) on the physician-patient relationship, particularly in light of the fact that health information is used for so many purposes that extend far beyond the clinical care context, largely facilitated by HIT.


Wang, T, Pizziferri, L, Volk, LA, Mikels, DA, Grant, KG, Wald, JS, Bates, DW. (2004). Implementing patient access to electronic health records under HIPAA: lessons learned. Perspectives in Health Information Management 1(11): 1-11. PMID: 18066391

The article describes “Project Gateway,” a web-based portal that allows patients access to their electronic health records. The main aspects of the project the authors discuss are processes to authenticate and authorize both patient and staff users of the system and messaging (e-communications between patients and clinicians).

IU Center for Bioethics | 410 W. 10th St., Suite 3100 | Indianapolis, IN 46202 | Tel: 317-278-4034 | Fax: 317-278-4050